Abstract
Many different kinds of robot systems have been successfully deployed in complex environments, while research into collaborative control systems between different robots, which can be seen as a hybrid internetware safety-critical system, has become essential. This paper discusses ways to construct robust and secure reliability architecture for collaborative robot control systems in complex environments. First, the indication system for evaluating the real-time reliability of hybrid internetware systems is established. Next, a dynamic collaborative reliability model for components of hybrid internetware systems is proposed. Then, a reliable, adaptive and evolutionary computation method for hybrid internetware systems is proposed, and a timing consistency verification solution for collaborative robot control internetware applications is studied. Finally, a multi-level security model supporting dynamic resource allocation is established.
1. Introduction
Currently, open architecture-based collaborative robot control systems represent an overwhelmingly important domain in scientific research within the robotics industry [1]. Traditional collaborative robot control systems were generally integrated using “stovepipe architecture”, a top-down structure that largely or entirely restricts the flow of information within the organisation to lines of control, with each application using specialized hardware, software and interfaces. All applications stand on top of the underlying network, just like a stovepipe. Interconnections amongst applications and multiple programs are limited by the exceedingly small interface and API. Stovepipe architecture is likely to cause some or all of the following problems [2–4]: 1) poor interoperability of information and data between applications; 2) lack of workflow design, integrated management and service synthesis; 3) inability to share the underlying network and computing storage resources, causing redundancy of resources; 4) a “single point of failure,” in which the system fails on even a single error in any part of the application, including software, hardware and interface, because the system has no redundancy or dynamic configuration capability; and 5) very low levels of openness and standardization of the overall system.
Recent advances in robotics have made possible the design of even more intelligent robots that can help people working in hazardous environments. However, robots deployed in these complex environments may face various challenges related to environment perception, motion planning and control, as well as advanced artificial intelligence settings based on the complexity of working environments. Exclusive equipment and customized developmental patterns have greatly increased the cost of developing, maintaining and upgrading collaborative robot control systems. It is also difficult to re-use already-developed systems in other cases. Therefore, carrying out studies of advanced architecture of collaborative robot control systems is crucial to advancing the field of robotics.
Enormous similarities exist between the computing environment of collaborative robot control systems and the internet: both are complex systems connected by multiply-linked networks, and both comprise many heterogeneous platforms of computing nodes or control systems that provide outward-facing services in time and space and require the consistent coordination of multiple nodes to provide more complex functionality. Therefore, it is natural to introduce established internetware architecture and models into the architecture of collaborative robot control systems [4]. However, unlike general internetware systems, which consist mainly of non-real-time software, robotics features a multitude of real-time distributed embedded systems and different kinds of collaborative robot control systems that control many types of equipment, such as fire control mechanisms or weapons systems. These are typically safety-critical systems, for which the reliability and safety of the software must be guaranteed at all times. Software information systems composed of common internetware service software and safety-critical internetware systems are called hybrid safety-critical systems, or internetware hybrid systems for short. The most important technical role of internetware software architecture is to achieve dynamic configuration of the system, including dynamic correction of system parameters, dynamic allocation of resources and dynamic synthesis of services. On the one hand, collaborative robot control systems have the performance characteristics of internetware, namely openness, collaboration and autonomy. On the other hand, collaborative robot control systems possess predictability in their resources, while the need for a secure operating system is no less critical. Although user access is not a problem, secure communications and safe process execution remain areas of concern.
Careful development and verification of the operating system and trusted applications are necessary to ensure that the system is free from security vulnerabilities. Therefore, the hybrid system reliability model of collaborative robot control systems has its own particular requirements, and existing reliability models cannot be applied directly to collaborative robot control systems.
This paper reports our efforts to construct a redundancy service-supported, reliable and secure configuration model for robotic hybrid internetware safety-critical systems. On the basis of the existing service-oriented internetware architecture and related technologies, we establish a reliability configuration model that supports the real-time operation of safety-critical application systems for robots, as well as performing standard internetware service applications. The main focus of this study is establishing a real-time reliability evaluation indication system, with dynamically collaborative and adaptive evolution components, as well as consistency of sequence in time for safety-critical systems and resources access control. The main work of this study proceeds as follows:
To establish the indication system for evaluating the real-time reliability of internetware hybrid systems.
To propose a dynamic components reliability collaborative model for internetware hybrid systems.
To study a reliable adaptive evolutionary computation method for internetware hybrid systems.
To propose a timing consistency verification solution for hybrid safety-critical systems software with robotic and internetware applications.
To establish a multi-level security model that supports dynamic resource allocation.
2. Related Works
The development of foreign robot hybrid control integration systems (RHCISs) has proceeded through three stages: the single machine system, the federal system integration and the “net integrated” system [5–7]. The development of robot control information integration echoes the process of general computer software, from a single computer system to parallel systems, component systems and, finally, internetware systems. These systems achieve plug-and-play (PNP) by the use of general computers, network hardware and distributed middleware systems, which include packaging commands, sensors, actuators, collaborative robot control systems and other specific application components, thereby improving the adaptability of robot control platforms for complex environments and tasks. One of the most typical and prominent systems, America's newest destroyer DDG-1000 and its TRCCE system, adopted a new generation of integrated technology based on the open architecture of the network. For the special safety-critical single machine systems, the system is distributed independently, while its reliability is reflective of a single dedicated software system, as well as the evaluation of safety performance. Most commonly used methods for reliability evaluations are path-based [8] and state-based models [9], while the reliability of the direct dynamic configuration of a software system is rarely considered.
With the emergence of new features in networks, components and other software systems, RHCISs require flexible reliability architecture to deal with the internet's complexity and dynamism. Large-scale environments are open, dynamic and complex, and collaborative robot control systems with a central architecture have a single point of failure. Therefore, a reliable framework should feature flexible distributed architecture, automated adaptation and recovery mechanisms to ensure continuous operations despite single node failures. System reliability is reflected not only in the reliability, safety performance and other aspects of a single system, but also in multi-system performance and the reliability of interactions amongst multiple components. Given that the reliability model of a single-machine system is not adequate, a series of software reliability models is emerging that considers the reliability of the components [6–8], including component-dependency graphs (CDGs), path models and state machines.
Yacoub et al. [6] used CDGs for the purpose of risk assessment, developing a risk aggregation algorithm that traverses the new graphs. They also presented a method for reliability risk assessment at the early stages of the development life cycle, namely the architecture level. This method combines severity and complexity factors to develop heuristic risk factors for architecture components and connectors, and it indicates the probability of conversion and the reliability of components, connections and interfaces amongst components, as well as controlling other aspects of conversion by CDGs. Lo et al. [7] proposed a new approach to assessing the reliability of a component-based software system predicated on the reliability of the individual components and the architecture of the system. They divided the system into three different styles of architecture to consider: single input - single output, single input - multiple output, and multiple input - multiple output. They also presented a sensitivity analysis on the reliability of component-based software in order to determine which of the components most affects the system's overall reliability. Reussner et al. [8] showed how state machines allow software architects to predict component reliability through compositional analysis of usage profiles and environmental component reliability. Their evaluation confirms that prediction accuracy for software components necessitates modelling the behaviour of binary components and the dependency of the provided services on their required components. In other words, they advocated a reliability model parameterized by required component reliability in a deployment context, describing the behaviour of interfaces, state transition probabilities and state reliability through the interface protocol of a state machine.
Typical resource allocation methods [9–15] for internetware software include the formal modelling method, the parameter constraint method and the autonomic computing method. The formal modelling method uses a common method and language to realize the configuration of internetware software resources. Tsai et al. [9] proposed priced probabilistic process algebra (PPPA) by extending existing process algebra with QoS modelling capability. However, this method assumes unlimited internet resources and abundant, scalable homogeneous resources. Robot control systems have limited resources, which formal resource allocation modelling does not constrain, so this method is difficult to apply to them. Zhao et al. [10] proposed a new method for checking reachability based on the algebraic model of internetware; this method targets the state-space explosion that arises when internetware is searched. By discovering the relationship between internetware software reachability and operation expressions, they converted reachability checking into the recursion of internetware operation expressions. However, this method cannot solve the problem of introducing new constraints for robot control system resource upgrades.
The parameter constraint method first constructs the resource allocation model, and then introduces a series of parameters as constraints that are related to the reliability, which yields an allocation strategy for adjusting resources. Huang et al. [11] proposed an automatic composition service discovery model, in which the static structure and dynamic behaviour characteristics of the combined process are introduced as constraints to form a framework for automatic service discovery based on process similarity. However, in collaborative robot control systems, the structure and behaviour of the constraint parameters are highly correlated, including the service process portfolio and the time, making Huang et al.'s method unsuitable. Du et al. [12] proposed an internetware reliability measurement model based on service updates. In their model, the service update intensity is applied to the Musa-Okumoto model, which is one of the most widely used software reliability models; therefore, this model expands under new software paradigms, as well as addresses internetware deterioration and condition. However, the model only takes into account service update constraints, and not resource upgrades, expansion and other constraints; therefore, the model is not applicable to collaborative robot control systems in which the resource is updated.
In recent years, autonomic computing methods [13–21] have also been proposed for resource allocation; these methods require a system to adapt its structure and environment in order to meet the resource requirements of service without manual intervention and realize the reliable allocation of resources. Liao et al. [18] proposed an autonomous, normative and guidable agent model called the general autonomic computing method, which can target system parameters for dynamic calibration, realize the diagnosis, repair and reconfigure resource allocation, and position distributed resources to the key service in real time in a complex environment, so that reliability in a dynamic mixing system's resource allocation can improve. They further proposed a method for autonomic computing of changes in software models, which can be performed according to the system parameters in order to achieve the allocation of resources for diagnosis, dynamic correction, repair and reconfiguration, together with real-time location of distributed resources for critical services in collaborative robot control systems.
3. Reliability Configuration of Internetware Safety-critical Systems for Robot Control
Fig. 1 summarizes the framework for reliability configuration of internetware safety-critical systems for robot control.
Fig. 1. Framework for reliability configuration of internetware safety-critical systems for robot control
4. Real-time Communication Security Indemnification for RHCIS
Application systems' coupling of component services for internetware software architecture can be integrated via middleware platforms or service stream data buses. Real-time communication security indemnification represents a key issue in constructing mixed systems to solve the interconnection of heterogeneous systems. The most commonly used service bus or middleware standard is based on the network layer or higher-level object descriptions of Open System Interconnection (OSI). The data link layer can be extended to reinforce real-time communication performance in order to enhance the practical application of hard real-time supporting capabilities. Researchers at Zhejiang University have devised a real-time fieldbus technology known as Ethernet for Plant Automation (EPA). As a real-time Ethernet technology, EPA changes the structure of traditional Ethernet by incorporating an extended sub-layer, the communication scheduling management entity (CSME), into the data link layer, which ensures communication and avoids packet collision or loss. The implementation of mapping fusion for specific middleware communication protocols and EPA can strengthen middleware end-to-end real-time QoS via network protocol optimization; it can also enhance the real-time performance of internetware hybrid systems, as well as better support synergy and temporal consistency control for component services.
5. Quantitative Reliability Evaluation of Internetware Hybrid Systems
Traditional software reliability growth models and internetware software reliability analyses based on non-real-time components are not suitable for collaborative robot control systems. For robotic internetware software, it is indispensable to establish the following: a real-time and non-real-time resource reliability integration model, a real-time, reliable transmission model for network connectors, a single-path internetware system reliability evaluation model, and a multipath reliability probability distribution model. Different kinds of systems exist in robot control internetware software architecture, including non-traditional general-purpose computer systems for internetware software, as well as real-time embedded systems for robot control. In reliability research into hybrid safety-critical systems, the first factor to consider is real-time performance. The reliability requirements of real-time services and high priority tasks, including resource allocation reliability, quality, service reliability and real-time task response reliability, must be considered within the existing resources and capabilities under real-time demand conditions. Overall system reliability is the second factor to consider; it must be ensured both in the allocation of resources during internetware software upgrades and in the expansion of functional requirements.
According to the traditional software reliability evaluation, the concrete evaluation index includes initial failure rate, accidental failure rate, the mean time before failure, total faults, fault density, the mean time between repairs and the mean time between failures. Besides the traditional evaluation indexes above, Fig. 2 summarizes the quantitative reliability evaluation indicators for internetware hybrid systems. Considering the requirement of real-time performance of both system services and communication resources in time-critical constraints, we planned a series of quantitative reliability indicator evaluations, establishing an end-to-end quality evaluation system from the resources to the services.
Fig. 2. Quantitative reliability evaluation indicators for internetware hybrid systems
The methods of promoting internetware reliability can mainly be divided into three kinds as follows:
Evading error technology - This is the most basic requirement of a software system. During software production, design methodology is adopted mainly to reduce software errors.
Recovering error technology - A software system must be tested and debugged to remove existing software faults; in the internet platform environment, this technology is applied to improve internetware reliability.
Fault-tolerance technology - A software system must be robust; fault-tolerance technology ensures that a software system continues to run correctly even when software faults exist.
6. Resource Reservation Mechanism for Reliability Assurance
Resources in internetware hybrid systems demonstrate diversity, strong independence, dynamic cooperation and integration of resources, both directly and by means of static connections. These systems inevitably encounter several problems, including the allocation and deployment of resources, conflicts in resource allocation, resource pre-emption and release, scheduling of information flow, and controlling the flow between resources. As sharp differences exist between the real-time priority needs of different services for time-critical resources, it is important to carry out research comparing different measurements between internetware entities in order to ensure the reliability of the system while handling these tasks. Based on the dynamic integration of resources, we established collaborative computing methods and a model of hybrid internetware components in order to ensure reliable, time-critical collaboration resource constraints.
Deterministic allocation of system resources is critical in real-time robot control applications; this is mainly reflected in timely allocation of resources and stable reliability. This study introduces the real-time operating system resource reservation mechanism into the network configuration of hybrid systems. Carrying out the resource reservation configuration of hybrid systems requires the following: classifying the heterogeneous resources of the robot control system; adding a resource mapping layer into the system architecture; fulfilling the integrated management of resources by the resource allocation core; building a resource pool by resource association and mapping in order to schedule hybrid resource reservations; gathering statistics on resource usage; reserving and refreshing resources; enforcing discontinuation of resources; and recycling resources. We propose a real-time priority model for system services based on real-time service priority. This model adopts top priority protocols, priority inheritance protocols and priority limitation protocols between applications and the resource mapping layer in order to process resource allocation conflicts, ensure that high priority services receive the required resources quickly, and avoid the problems of congestion, priority inversion, resource interlocking and unlimited resource occupancy in pre-emption between different real-time priorities.
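The priority inversion that the priority inheritance protocol above is meant to avoid, shown as a tick-by-tick scheduler simulation. This is an added example, not code from the paper; the three tasks, their priorities and segment lengths are constructed to reproduce the classic scenario in which a medium-priority task starves a low-priority resource holder and thereby the high-priority task waiting on it.

```python
"""Discrete-time simulation of priority inversion on one shared resource and
of the priority inheritance protocol the text names as a remedy.  Added
example, not code from the paper; the three tasks and their timings are
constructed to reproduce the classic inversion scenario."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Task:
    name: str
    base_prio: int                       # larger number = higher priority
    release: int                         # tick at which the task becomes ready
    plan: List[Tuple[int, bool]]         # segments: (length, needs_resource)
    prio: int = 0                        # effective (possibly inherited) priority
    seg: int = 0                         # index of the current segment
    done: int = 0                        # ticks completed in the current segment
    finish: Optional[int] = None         # tick at which the task completed


def make_tasks() -> List[Task]:
    """Low-priority L locks the resource first, high-priority H then needs it,
    and medium-priority M is CPU-bound and would otherwise starve L (and so H)."""
    return [
        Task("L", 1, 0, [(1, False), (4, True), (1, False)]),
        Task("M", 2, 3, [(5, False)]),
        Task("H", 3, 2, [(1, False), (2, True), (1, False)]),
    ]


def simulate(inherit: bool, horizon: int = 40) -> dict:
    """Run a fixed-priority preemptive scheduler one tick at a time and return
    each task's finish tick.  With inherit=True a resource holder runs at the
    priority of the highest task it blocks (priority inheritance)."""
    tasks = make_tasks()
    for tk in tasks:
        tk.prio = tk.base_prio
    holder: Optional[Task] = None        # task currently holding the resource
    for t in range(horizon):
        ready = [tk for tk in tasks if tk.release <= t and tk.finish is None]
        runnable = []
        for tk in ready:
            needs = tk.plan[tk.seg][1]
            if needs and holder is not None and holder is not tk:
                if inherit:              # boost the holder so it can release soon
                    holder.prio = max(holder.prio, tk.prio)
                continue                 # blocked on the resource
            runnable.append(tk)
        if not runnable:
            continue
        cur = max(runnable, key=lambda tk: tk.prio)
        length, needs = cur.plan[cur.seg]
        if needs and holder is None:
            holder = cur                 # enter the critical section
        cur.done += 1
        if cur.done == length:           # segment finished
            if holder is cur:
                holder = None            # leave the critical section
                cur.prio = cur.base_prio # drop any inherited priority
            cur.done = 0
            cur.seg += 1
            if cur.seg == len(cur.plan):
                cur.finish = t + 1
    return {tk.name: tk.finish for tk in tasks}


def response_time(finish: dict, name: str) -> int:
    """Finish tick minus release tick for one task."""
    rel = {tk.name: tk.release for tk in make_tasks()}
    return finish[name] - rel[name]


if __name__ == "__main__":
    for mode in (False, True):
        fin = simulate(inherit=mode)
        print("inheritance" if mode else "no inheritance", fin,
              "H response time:", response_time(fin, "H"))
```

Without inheritance H finishes at tick 14 because M runs its whole five ticks while L still holds the resource; with inheritance L is boosted to H's priority, releases at tick 6, and H finishes at tick 9.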
7. Resource Status Detection and Dynamic Adaptive Evolution
Distinguishing characteristics of an internetware system include strong resource upgrades and function expansion, while system attributes, such as reliability, stability and real-time performance, may be influenced by newly introduced resources. Furthermore, new real-time service expansions may break the existing resource configuration status in hybrid heterogeneous systems. Therefore, it is necessary to study reliable methods of adaptation, such as resource initiative recognition and active configuration in internetware hybrid systems, as well as the adaptive evolution model and dynamic resource configuration policies in real-time embedded systems that support a variety of limited resources, in order to deal with determinative problems of reliability and time-critical or instant state migration with system upgrades and expansion.
After meeting the needs of application services and completing the initial stage's reliable allocation, safety-critical systems also face the problem of system upgrades and functional extensions. System reliability and real-time performance are influenced by extending real-time services and introducing new heterogeneous resources. A dynamic software configuration method based on autonomous computing [19–20] can create a dynamic adaptability evolution model for the hybrid system and set a state threshold based on the perception of the resource status. The reconstruction of system resources is achieved by environmental drivers and real-time event-driven modes, as well as evolutionary algorithms in real-time priority.
8. Timing Compliance Verification Based on Process Algebra
One of the greatest advantages of using internetware architecture is that it enables the dynamic configuration of resources; one of the most important criteria by which to measure system reliability concerns the protection of the system software workflow correctness, also known as consistency with the original process, after the dynamic configuration of the resources. In a robot control environment that contains many real-time embedded systems running concurrently, consistency also means that all components must be executed in the correct time zone, while dynamic coupling services must ensure the consistency of execution timing.
Internetware software is coupled from different autonomous service entities, achieving the target of completing business logic by service synergy. By analysing consistency disorders in the run-time information of service internetware software, we found that the main causes of collaborative service failures are dynamic coupling, member mismatch and timing hybridization of real-time systems in the coupling process between software service entities. Mature processing techniques and methods of consistency detection and compensation exist for dynamic coupling and component mismatch, which have caused synergistic failures in traditional internetware architecture. We introduced real-time process algebra into the modelling of services with coupled processes for hybrid real-time safety-critical systems in order to achieve timing consistency of the service coupling process in real-time systems.
Process algebra is a formal language for system design and analysis; real-time process algebra extends the Calculus of Communicating Systems (CCS) to model real-time systems. The real-time services of hybrid systems can be described as tuples carrying the temporal dynamic priority of process algebra, so as to derive the migration process for real-time services. Consistency compensation can be performed using context-aware services when inconsistencies are found during the process algebra deduction.
9. Communications Security Between Hybrid Safety-critical Systems
Application scenarios for hybrid internetware systems with multiple traffic flows in real-time composite transport require a security scheduling policy that meets the multiple requirements of real-time and concurrent collaboration; this is accomplished through a communication scheduling arbitration mechanism based on multi-level security. Associating a security level with each entity and a security mechanism with each communication link, under quality constraints that dictate secure communication services and real-time performance, allows dynamic, secure encryption criteria based on real-time priority to be proposed, through an algorithm that identifies and distributes all types of traffic flow on the communication link. A multi-path mutual authentication mechanism can be constructed between entities by introducing adaptive asymmetric encryption algorithms into hybrid data streams. The consistency of multiple traffic flows can be verified on the basis of the hybrid business.
10. Model of Multiple Independent Levels of Security for Hybrid Safety-critical Systems
Different from ordinary internetware systems, the architecture of multiple independent levels of security (MILS) is applied to resource access models in hybrid safety-critical systems. Fig. 4 describes the new hierarchy isolation architecture for internetware hybrid systems, in which no component of the system is directly exposed to the middleware; instead, a new layer called the separation kernel is added to the safety architecture. Mediating every component's access to the middleware resources through the separation kernel strictly ensures that components reach only the resources they are allowed, similar to the sandbox in a traditional operating system. The separation kernel separates the resources of safety-critical systems from one another during execution and plays an important role in overall system protection, guarding other related systems from the danger or damage that the failure of an individual safety-critical system could cause.
Fig. 3. Resource allocation reliability model for component hybrid systems
Fig. 4. Hierarchy isolation architecture for an internetware hybrid system
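A minimal model of the separation kernel role described in Section 10, added here as an example and not the paper's own design: partitions (components) reach middleware resources only through the kernel, which enforces data isolation with per-partition allow-lists, information-flow control with explicitly configured one-way channels, and fault isolation by quarantining a failed partition without affecting the others. The partition names, resources and policy are constructed.

```python
"""Minimal MILS-style separation kernel: default-deny resource mediation,
explicit inter-partition channels and quarantine of a failed partition.
Added example, not the paper's design; names, resources and the policy are
constructed."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Set, Tuple


class Op(Enum):
    READ = "read"
    WRITE = "write"


@dataclass
class Partition:
    name: str
    allowed: Dict[str, Set[Op]]      # resource -> operations this partition may use
    healthy: bool = True             # False once the health monitor quarantines it


class SeparationKernel:
    def __init__(self, partitions: List[Partition], channels: Set[Tuple[str, str]]):
        self.parts = {p.name: p for p in partitions}
        self.channels = channels     # permitted one-way flows (src, dst)
        self.mailboxes: Dict[str, List[bytes]] = {p.name: [] for p in partitions}
        self.audit: List[Tuple[str, str, str, str]] = []

    def _decide(self, who: str, target: str, op: str, reason: str) -> bool:
        """Record every decision (allowed or denied) and return the verdict."""
        self.audit.append((who, target, op, reason))
        return reason == "ok"

    def access(self, who: str, resource: str, op: Op) -> bool:
        """Default-deny mediation of every resource access (data isolation)."""
        part = self.parts[who]
        if not part.healthy:
            return self._decide(who, resource, op.value, "partition quarantined")
        if op not in part.allowed.get(resource, set()):
            return self._decide(who, resource, op.value, "not in allow-list")
        return self._decide(who, resource, op.value, "ok")

    def send(self, src: str, dst: str, payload: bytes) -> bool:
        """Inter-partition data moves only over a configured channel."""
        if not self.parts[src].healthy:
            return self._decide(src, dst, "send", "partition quarantined")
        if (src, dst) not in self.channels:
            return self._decide(src, dst, "send", "no channel configured")
        self.mailboxes[dst].append(payload)
        return self._decide(src, dst, "send", "ok")

    def report_fault(self, name: str) -> None:
        """Health monitor: quarantine one partition; the others keep running."""
        self.parts[name].healthy = False


def build_demo_kernel() -> SeparationKernel:
    """Constructed policy: motion control may drive the actuator bus and read
    the IMU; telemetry may read the IMU and write the log store; pose data may
    flow from motion control to telemetry but nothing may flow back."""
    motion = Partition("motion_ctrl", {"actuator_bus": {Op.WRITE}, "imu": {Op.READ}})
    telem = Partition("telemetry", {"imu": {Op.READ}, "log_store": {Op.WRITE}})
    return SeparationKernel([motion, telem], {("motion_ctrl", "telemetry")})


if __name__ == "__main__":
    k = build_demo_kernel()
    k.access("motion_ctrl", "actuator_bus", Op.WRITE)
    k.access("telemetry", "actuator_bus", Op.WRITE)     # denied: not allow-listed
    k.send("telemetry", "motion_ctrl", b"cmd")          # denied: no such channel
    k.report_fault("telemetry")
    k.access("telemetry", "imu", Op.READ)               # denied after quarantine
    k.access("motion_ctrl", "imu", Op.READ)             # unaffected partition
    for entry in k.audit:
        print(entry)
```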
11. Conclusion
Based on the existing service-oriented network components software architecture and related technologies, this work extends the existing body of research and builds a reliability configuration model that supports the real-time operation of safety-critical application systems for robot control, together with standard internetware service applications. This work focuses on the problems of establishing a system of real-time reliability evaluation indicators, developing dynamically collaborative and adaptive evolutionary components, promoting the consistency of sequence in time for safety-critical systems, and controlling resource access. In our future work, we will study the proposed framework in detail.
12. Acknowledgements
This research is based upon work supported in part by the National Natural Science Foundation of China (61103051, 61370173), the Zhejiang Provincial Natural Science Foundation (LY15F020018), the Zhejiang Provincial Science and Technology Plan of China (2015C33247), and the Huzhou Science and Technology Plan (2014GZ02).
